N Able N Central

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in N Able N Central.

Known Exploited N Able N Central Vulnerabilities

The following N Able N Central vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title	Description	Added
N-able N-Central Command Injection Vulnerability	N-able N-Central contains a command injection vulnerability via improper sanitization of user input. CVE-2025-8876 Exploit Probability: 10.3%	August 13, 2025
N-able N-Central Insecure Deserialization Vulnerability	N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution. CVE-2025-8875 Exploit Probability: 3.0%	August 13, 2025

By the Year

In 2026 there have been 0 vulnerabilities in N Able N Central. Last year, in 2025 N Central had 7 security vulnerabilities published. Right now, N Central is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	7	7.00
2024	3	9.80
2023	1	7.00

It may take a day or so for new N Central vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent N Able N Central Security Vulnerabilities

RCE via Deserialization in N-central Software Probe <2025.4
CVE-2025-11367 - November 12, 2025

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

Marshaling, Unmarshaling

N-central <2025.4 Auth Bypass via Path Trvser (CVE-2025-11366)
CVE-2025-11366 - November 12, 2025

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

Directory traversal

N-central <2025.4 XXE Info Disclosure
CVE-2025-11700 - November 12, 2025

N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure

XXE

Unauth SessionID Generation in N-central < 2025.4
CVE-2025-9316 - November 12, 2025

N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

Improper Validation of Specified Quantity in Input

N-Central Windows Agent/Probe Privilege Escalation via File Permission
CVE-2025-10231 7 - High - September 10, 2025

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions.

Incorrect Default Permissions

N-able N-central OS Command Injection before 2025.3.1
CVE-2025-8876 - August 14, 2025

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Improper Input Validation

Deserialization of Untrusted Data in N-able N-central <2025.3.1 Leads to LCE
CVE-2025-8875 - August 14, 2025

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Marshaling, Unmarshaling

N-central (pre-2024.2) UI Auth Bypass
CVE-2024-28200 9.8 - Critical - July 01, 2024

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

authentification

N-central Server Session Rebinding in Entra SSO (before 2024.3)
CVE-2024-5322 - July 01, 2024

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

N-able N-central: PrivEsc via API calls before 2023.6
CVE-2023-47132 9.8 - Critical - February 08, 2024

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

Local Code Exec via Monitoring in N-central (pre-2023.4)
CVE-2023-30297 7 - High - August 04, 2023

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for N Able N Central or by N Able? Click the Watch button to subscribe.

N Able
Vendor

N Able N Central
Product

N Able N Central

Don't miss out!

Known Exploited N Able N Central Vulnerabilities

By the Year

Recent N Able N Central Security Vulnerabilities

RCE via Deserialization in N-central Software Probe <2025.4 CVE-2025-11367 - November 12, 2025

N-central <2025.4 Auth Bypass via Path Trvser (CVE-2025-11366) CVE-2025-11366 - November 12, 2025

N-central <2025.4 XXE Info Disclosure CVE-2025-11700 - November 12, 2025

Unauth SessionID Generation in N-central < 2025.4 CVE-2025-9316 - November 12, 2025

N-Central Windows Agent/Probe Privilege Escalation via File Permission CVE-2025-10231 7 - High - September 10, 2025

N-able N-central OS Command Injection before 2025.3.1 CVE-2025-8876 - August 14, 2025

Deserialization of Untrusted Data in N-able N-central <2025.3.1 Leads to LCE CVE-2025-8875 - August 14, 2025

N-central (pre-2024.2) UI Auth Bypass CVE-2024-28200 9.8 - Critical - July 01, 2024

N-central Server Session Rebinding in Entra SSO (before 2024.3) CVE-2024-5322 - July 01, 2024

N-able N-central: PrivEsc via API calls before 2023.6 CVE-2023-47132 9.8 - Critical - February 08, 2024

Local Code Exec via Monitoring in N-central (pre-2023.4) CVE-2023-30297 7 - High - August 04, 2023